December 22, 2004
Mobile phone security is bad now, but it is only going to get worse, a security firm said Wednesday as it laid out this year's attack timeline to demonstrate the quickening pace of exploits.
Finnish anti-virus vendor F-Secure listed 2004's attacks against smartphones, particularly those running the popular Symbian operating system -- Nokia is a one of the phone makers whose devices use the OS -- starting with the spring's Mosquito "trojanized" game and running through this week's similar threat, another Trojan masquerading as a popular cell phone game, Metal Gear Solid. In between, the Cabir worm spread, which first became public in June, has been detected in China, India, Turkey, the Philippines, and Finland. Most alarming, said F-Secure, is the ramp-up of worms during the last 30 days. Since November 19, eight new exploits attacking smart phones have been uncovered by F-Secure. Five are of the Cabir family, while three are variants of Skulls, a Trojan horse that replaces icons on phone displays with pics of human skulls. "In the future, it's likely that we'll also see new kinds of attacks," said F-Secure in a statement. "They'll include Trojan horses in games, screensavers, and other applications [that] result in false billing, unwanted disclosure of stored information, and deleted or stolen user data." Anti-virus firms have reacted to the increase in mobile device exploits by releasing software suited for cell phones and handhelds. Symantec, for instance, rolled out a PDA-specific anti-virus product in 2003, while this December, Trend Micro made its Mobile Security package available for free downloading. F-Secure also sells something called Mobile Anti-Virus. F-Secure isn't the only security firm to spot a rise in cell phone threats. Symantec's Vincent Weafer, the senior director of the Cupertino, Calif.-based security vendor's threat lab, has it on his list of likely security stories for 2005. "The increasing number of attacks shows that there's an interest building out there among the hacker community," he said of smartphone worms and Trojans. And it'll get worse, a lot worse, he said. "As e-commerce becomes a bigger part of what people do with smart phones, so too will attacks." Currently, e-commerce conducted over smartphones, such as buying goods over the Internet via phone or even paying for small vending charges by phone, is popular in just a few countries, such as Japan. In the near future, Weafer expects to see smartphone infections that mimic human vectors, not the network-cruising threats that typically cause such a ruckus on Net-connected PCs and servers, like 2003's MSBlast or 2004's Sasser. "What's unusual now is that most [smartphone] infections are caused by airplanes, just as something like SARS was," he said. Like a real-world human virus, today's phone worms spread because people criss-cross the globe. In this case they bring their infected devices, not infectious diseases, with them. And those infected phones, when used to conduct e-commerce, will be at risk of exploitation for financial gain, just as PC users have been subjected to a massive increase in for-profit scams like phishing and spyware attacks. "Where there's e-commerce," said Weafer, "there'll be e-crime." Including on a phone near you it seems.
About the Author(s)
You May Also Like